Hackers shut down stalkerware companies that spy for spouses and parents, delete and dump their files

Originally published at: http://boingboing.net/2017/04/18/democratized-surveillance.html


I approve of clever Hackers reference name. Also fuck those creeps.


The hacker behind the FlexiSpy breach went by the handle Leopard Boy

Kinda kinky…


I would hope so


“Late Stage Capitalism Takes The Smallest of Gutpunches And I Couldn’t Be Happier”


Not all tracking apps are for cheating spouses - some have legit uses. I actually have all of my android devices loaded with Cerberus, which is like Find My iPhone for Android on steroids.

I can force the phone to ring even when on silent (and snap a photo of whoever dismisses the call/message). I can snap a photo of whoever inputs a wrong unlock code. I can remotely lock and wipe the phone. I can record audio and video and snap photos using both front and back camera and can even capture screenshots of what’s being used. I can get call logs and recent messages.

Now why do I use this? Am I worried about cheating? NOPE. I have a son who is autistic and suffers from ADHD. Being able to track him and call him when I worry has saved us many times when he’s gone AWOL. He’s also had his phone stolen twice in one year (both at school) - kids think that ADHD is a licence to pick on other students. Both times sending messages to the phone saying “Don’t be stupid, I’ve tracked this phone - just bring it back and say you found it” have worked. A third time it was stolen I locked and wiped it while tracking it heading towards the seedier part of downtown SF.

Cerberus is the first app I ever paid for, and is good for a lifetime on 5 devices. I’ve never used it to SPY on anyone, and everyone knows they have the app installed on their device. Most of the time they ask me to locate the missing phone for them.


Occasionally I would use “Mr. Plague” as a handle during LAN party multiplayer gaming sessions back in college, oh so long ago.


The emphasized portion of that statement makes all the difference in the world! It’s an old story, even the most potentially destructive tools can have legitimate uses. I use a FitBit and some active location trackers on my tablet to help me with my jogging pace, but I very much understand other people that avoid any kind of tracking like the plague.

Sorry to hear your son has been taken advantage of like that. People can be really scummy, and I’m glad you’ve found good tools to help combat that, at least in some part.


My mother-in-law had dementia and would sometimes find her husband’s car keys and disappear for several days at a time, never bothering to call or answer her phone. An app like this would have alleviated a lot of stress and worry.


I’m glad you have tools at your disposal for making sure your son is safe. It’s pretty shitty that others think they can take advantage of someone else like that.

The issue is that the companies that do offer tools like these seemingly have little accountability or responsibility for how their technology ends up being used. Which granted may be a very hard thing to control once they make a sale to someone, but marketing primarily to abusers and stalkers sends a clear message that they have no moral ground to stand on.


This is one of the few cases where a tracking app is a good thing, I think.


Good to see Joseph continues to do good work. :slight_smile:

I actually met him (the co-author of the article) when I was in Berlin the week before last. Nice guy.

1 Like

In the UK, this business model is illegal under the Misuse of Computers Act.


While everyone knows about the app - it does still have some sort of stigma attached to it that gives it a bad reputation. My wife loves the app when we can locate a missing device, but then will insist that I remove the app because she doesn’t want to be tracked and that it feels creepy.

I let her know I don’t use any of the tracking features and if I do have to locate it I tell her I am.

It has become less of an issue with her now that she switched to an iPhone. Thanks to the restrictive policies of iOS (no root access, no background processes, etc) - we can’t use this app with Apple. It also points out the limits of Find My iPhone - there really isn’t a viable Apple version for those who need this utility.

I do know that most of these spy apps that people install on their spouses iPhone require the device to be Jailbroken (rooted). This means the phone has to be out of service for a short while and in the possession of the husband in order to JB it. Also, the latest version of iOS has not been rooted yet - and it gets harder with each new version.

So one good thing is that you should be suspicious if a spouse decides to “gift” you an iPhone, especially one that hasn’t been updated to the latest version…


I guess it is a good thing that most of these companies (all?) aren’t based in the UK then…

Are you implying that a husband can install your Android software without having the device in their physical possession?

referring to:
My mother-in-law had dementia and would sometimes find her husband’s car keys and disappear

It’s an issue I have been thinking about because I want my elderly father to keep his much-prized independence but I do want to be able to deal with potential accidents when he is out.
There are trackers for people with dementia or other illnesses which are pure trackers and so not very invasive. The downside of phones for people with dementia is battery life - if someone is away for several days the battery will run down if they forget to recharge, and if the phone has battery saver software it will disable GPS and apps before that happens. Tracking devices for cars work better because, of course, the car battery has far more capacity and tends not to run down for a long time. I’ve been thinking of putting one on his mobility scooter, because he can’t go far without it.


It was worrisome for us. My father-in-law got to the point where he had to disconnect spark plugs every time he parked the car in case his wife found the keys and tried to drive away. One time when they went out for lunch, he got up to use the restroom and she grabbed the car keys off the table and left him stranded at the restaurant. She didn’t have her mental faculties together because of the dementia so we were concerned that she might cause an accident or drive the wrong way on a freeway and kill somebody. She died a couple years ago of natural causes and fortunately her driving excursions, though very concerning, were accident-free.


I was more referring to the fact that JB’ing an iPhone is a more involved process - and the phone cannot be updated after that or you lose the JB. Also, newer JB’s are tethered, which means if the phone is restarted, the process has to be done again while hooked up to a PC. It’s really suspicious if you have to give your phone to the hubby every time you restart or run the battery down to “reset it.”

Many Android phone can be rooted and OTA’s blocked.

If you jailbreak an iphone, you don’t lose it if you turn the phone on and off so it wouldn’t be “every time you restart.”


“In early 2017, Luca and Marco Grassi updated Yalu with another exploit, adding support for iOS 10.2. This updated tool is called yalu102 and can be used now to jailbreak all non-iPhone 7/7 Plus 64-bit devices on iOS 10.2. Like Mach_Portal + Yalu jailbreak for iOS 10.1.1, the yalu102 10.1.1-10.2 jailbreak is semi-untethered in nature.”

I bolded the part about it being tethered - which means every reboot causes a loss of the JB.

Per Redmond Pie - a site you would know if you knew anything about Jailbreaking iOS devices…which it sounds like you don’t (LOL).